Google Finds 7 Security Flaws in Widely Used Dnsmasq Network Software
15 Nov

Security researchers have discovered not one or two, but a total of seven security vulnerabilities in the popular open source Dnsmasq network services software, three of which could allow an attacker to execute code remotely on a vulnerable system and hijack it.

Dnsmasq is a widely used, lightweight network application designed to provide a DNS (Domain Name System) forwarder, a DHCP (Dynamic Host Configuration Protocol) server, router advertisements and network boot services for small networks.

Dnsmasq comes pre-installed on various devices and operating systems, including Linux distributions such as Ubuntu and Debian, home routers, smartphones and Internet of Things (IoT) devices. A Shodan scan for “Dnsmasq” reveals around 1.1 million instances worldwide.

Recently, Google’s security team reviewed Dnsmasq and discovered seven security issues, including DNS-related remote code execution, information disclosure, and denial-of-service (DoS) issues that can be triggered via DNS or DHCP.

“We discovered seven distinct issues (listed below) over the course of our regular internal security assessments,” Google’s security team wrote in a blog post published on Monday.

“Once we determined the severity of these issues, we worked to investigate their impact and exploitability and then produced internal proofs of concept for each of them. We also worked with the maintainer of Dnsmasq, Simon Kelley, to produce appropriate patches and mitigate the issue.”

Since the vulnerabilities have now been patched by Dnsmasq developer and maintainer Simon Kelley, Google researchers have released details and proof-of-concept (PoC) exploit code for each of the vulnerabilities.

Of the seven vulnerabilities discovered by the team, three can be exploited to perform remote code execution, three can be used in denial-of-service attacks, and one is an information leakage flaw.

Here’s the List of All Vulnerabilities:

  • CVE-2017-14491—A DNS-based remote code execution vulnerability in Dnsmasq versions before 2.76, marked as the most severe, which allows for unrestricted heap overflows and affects both directly exposed and internal network setups.
  • CVE-2017-14492—Another remote code execution vulnerability due to a DHCP-based heap overflow issue.
  • CVE-2017-14493—Another noteworthy DHCP-based remote code execution bug caused by a stack buffer overflow. According to Google, this flaw is trivial to exploit if it’s used in conjunction with the flaw (CVE-2017-14494) mentioned below.
  • CVE-2017-14494—An information leak in DHCP which can be combined with CVE-2017-14493 to allow attackers to bypass the ASLR security mechanism and execute arbitrary code on a target system.
  • CVE-2017-14495—A flaw in Dnsmasq which can be exploited to launch a denial of service (DoS) attack by exhausting memory via DNS. The flaw impacts dnsmasq only if one of these options is used: --add-mac, --add-cpe-id or --add-subnet.
  • CVE-2017-14496—Google’s Android operating system is specifically affected by this DoS issue which can be exploited by a local hacker or one who is tethered directly to the device. However, Google pointed out the service itself is sandboxed, so the risk to Android users is reduced.
  • CVE-2017-14497—Another DoS issue wherein a large DNS query can crash the software.

Since all the issues have already been addressed with the release of Dnsmasq 2.78, Dnsmasq users are advised to update their installations as soon as possible.

To patch your devices, make sure to upgrade packages on your system. Google has updated its affected services and released the security fixes to Android partners on 5 September 2017 in October’s Android security updates.

Other affected Google services are also claimed to be updated. Kubernetes versions 1.5.8, 1.6.11, 1.7.7, and 1.8.0 have also been updated with a patched Dnsmasq.
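An added example, not code from the article or from the Dnsmasq project: a small audit that takes the `dnsmasq --version` banner and a configuration file and reports which of the CVEs listed above are reachable, using the option-to-CVE pairings given in the vendor advisories on this page. The sample banner and configuration are constructed; treating `port=0` as disabling DNS and any IPv6 address in `dhcp-range` or `dhcp-relay` as enabling DHCPv6 are assumptions of this example.

```python
import ipaddress
import re

FIXED = (2, 78)  # upstream release named on this page as fixing all issues
EDNS0_OPTS = {"add-mac", "add-cpe-id", "add-subnet"}
RA_MODES = {"ra-only", "slaac", "ra-names", "ra-advrouter", "ra-stateless"}

# Constructed sample inputs (not taken from a real device).
SAMPLE_BANNER = "Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley"
SAMPLE_CONF = """\
interface=br-lan
dhcp-range=192.168.1.50,192.168.1.150,12h
dhcp-range=set:v6,fd00::2,fd00::ff,ra-names,64,1h
add-subnet=24
#add-mac
"""


def parse_version(banner):
    """Return (major, minor) from a `dnsmasq --version` banner."""
    m = re.search(r"(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no version number in %r" % banner)
    return int(m.group(1)), int(m.group(2))


def parse_config(text):
    """Return [(option, value)] from dnsmasq.conf text or CLI-style lines."""
    opts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank or commented-out option
            continue
        key, _, value = line.partition("=")
        opts.append((key.strip().lstrip("-"), value.strip()))
    return opts


def fields(value):
    """Split a comma-separated option value into trimmed fields."""
    return [f.strip() for f in value.split(",")]


def has_ipv6(value):
    """True if any comma-separated field is an IPv6 address."""
    for f in fields(value):
        try:
            ipaddress.IPv6Address(f)
            return True
        except ValueError:
            pass
    return False


def audit(banner, conf_text):
    """Map each reachable CVE to the configuration fact that exposes it."""
    if parse_version(banner) >= FIXED:
        return {}
    opts = parse_config(conf_text)
    keys = {k for k, _ in opts}
    out = {}

    dns_on = ("port", "0") not in opts  # assumption: port=0 turns DNS off
    if dns_on:
        out["CVE-2017-14491"] = "DNS service enabled"
        edns = sorted(keys & EDNS0_OPTS)
        if edns:
            why = "EDNS0 option set: " + ", ".join(edns)
            out["CVE-2017-14495"] = why
            out["CVE-2017-14496"] = why

    ra_modes = sorted({f for k, v in opts if k == "dhcp-range"
                       for f in fields(v) if f in RA_MODES})
    if "enable-ra" in keys or ra_modes:
        out["CVE-2017-14492"] = "router advertisement enabled: " + ", ".join(
            (["enable-ra"] if "enable-ra" in keys else []) + ra_modes)

    if any(k in ("dhcp-range", "dhcp-relay") and has_ipv6(v) for k, v in opts):
        out["CVE-2017-14493"] = "DHCPv6 enabled"
        # Conservative: the advisories place this leak in DHCPv6 relay handling.
        out["CVE-2017-14494"] = "DHCPv6 enabled"
    return out


if __name__ == "__main__":
    for cve, why in sorted(audit(SAMPLE_BANNER, SAMPLE_CONF).items()):
        print(cve, "-", why)
```

A version below 2.78 is a prompt to check the package changelog rather than proof of exposure, since distributions backport the fixes (the Oracle Linux entry on this page lists them under 2.76-2.1). Files pulled in through `conf-file` or `conf-dir` are not followed and need to be audited separately.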

cve
CVE-2017-14496
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
CVE-2017-14494
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
CVE-2017-14492
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.

seebug
Dnsmasq DoS Vulnerability(CVE-2017-14496)
No description provided by source.
Dnsmasq Heap based overflow(CVE-2017-14492)
Details:

#### 1) Build the docker and open two terminals

```
docker build -t dnsmasq .
docker run --rm -t -i --name dnsmasq_test dnsmasq bash
docker cp poc.py dnsmasq_test:/poc.py
docker exec -it <container_id> bash
```

#### 2) On one terminal, start dnsmasq:

```
# /test/dnsmasq_noasn/src/dnsmasq --no-daemon --dhcp-range=fd00::2,fd00::ff --enable-ra
dnsmasq: started, version 2.78test2-8-ga3303e1 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq-dhcp: DHCPv6, IP range fd00::2 -- fd00::ff, lease time 1h
dnsmasq-dhcp: router advertisement on fd00::
dnsmasq-dhcp: IPv6 router advertisement enabled
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 8.8.8.8#53
dnsmasq: using nameserver 8.8.4.4#53
dnsmasq: read /etc/hosts - 7 addresses
```

#### 3) On another terminal, start the PoC:

```
# python /poc.py ::1 547
[+] sending 2050 bytes to ::1
```

#### 4) Dnsmasq will output the following:

```
Segmentation fault (core dumped)
```
Dnsmasq DoS Vulnerability(CVE-2017-14495)
No description provided by source.

exploitdb
Dnsmasq < 2.78 – Integer Underflow
Dnsmasq < 2.78 – Integer Underflow. CVE-2017-14496. Dos exploit for Multiple platform
Dnsmasq < 2.78 – Information Leak
Dnsmasq < 2.78 – Information Leak. CVE-2017-14494. Dos exploit for Multiple platform
Dnsmasq < 2.78 – Heap-Based Overflow
Dnsmasq < 2.78 – Heap-Based Overflow. CVE-2017-14492. Dos exploit for Multiple platform

packetstorm
Dnsmasq Integer Underflow
Dnsmasq Information Leak
Dnsmasq Heap-Based Overflow

openvas
RedHat Update for dnsmasq RHSA-2017:2836-01
Check the version of dnsmasq
Ubuntu Update for dnsmasq USN-3430-1
Check the version of dnsmasq
Fedora Update for dnsmasq FEDORA-2017-515264ae24
Check the version of dnsmasq

nessus
Scientific Linux Security Update : dnsmasq on SL7.x x86_64
Security Fix(es):

- A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)
- A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)
- A stack-based buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14493)
- An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)
- A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495)
- An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496)
openSUSE Security Update : dnsmasq (openSUSE-2017-1116)
This update for dnsmasq fixes the following security issues:

- CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
- CVE-2017-14492: heap based overflow. [bsc#1060355]
- CVE-2017-14493: stack based overflow. [bsc#1060360]
- CVE-2017-14494: DHCP - info leak. [bsc#1060361]
- CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
- CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]

This update was imported from the SUSE:SLE-12-SP1:Update update project.
Debian DSA-3989-1 : dnsmasq – security update
Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbitrary code.

oraclelinux
dnsmasq security update
[2.76-2.2]
- Small correction of CVE-2017-14491

[2.76-2.1]
- Fix CVE-2017-14491
- Fix CVE-2017-14492
- Fix CVE-2017-14493
- Fix CVE-2017-14494
- Fix CVE-2017-14496
- Fix CVE-2017-14495
- extra fixes
dnsmasq security update
[2.48-18] – Fix CVE-2017-14491
dnsmasq security update
[2.45-1.1.0.1.el5] – Back port fix for CVE-2017-14491 from OL 6 errata ELSA-2017-2838

ubuntu
Dnsmasq vulnerabilities
USN-3430-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2017-14491](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14491>)) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2017-14492](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14492>)) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2017-14493](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14493>)) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote attacker could use this issue to possibly obtain sensitive memory contents. ([CVE-2017-14494](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14494>)) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to consume memory, resulting in a denial of service. ([CVE-2017-14495](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14495>)) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. 
A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service. ([CVE-2017-14496](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14496>))
Dnsmasq vulnerabilities
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2017-14491](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14491>)) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2017-14492](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14492>)) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2017-14493](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14493>)) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote attacker could use this issue to possibly obtain sensitive memory contents. ([CVE-2017-14494](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14494>)) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to consume memory, resulting in a denial of service. ([CVE-2017-14495](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14495>)) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service. ([CVE-2017-14496](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14496>))

gentoo
Dnsmasq: Multiple vulnerabilities
### Background

Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server.

### Description

Multiple vulnerabilities have been discovered in Dnsmasq. Please review the references below for details.

### Impact

A remote attacker could execute arbitrary code or cause a Denial of Service condition via crafted DNS, IPv6, or DHCPv6 packets.

### Workaround

There is no known workaround at this time.

### Resolution

All Dnsmasq users should upgrade to the latest version:

```
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.78"
```

redhat
(RHSA-2017:2836) Critical: dnsmasq security update
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)
* A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)
* A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14493)
* An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)
* A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495)
* An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496)

Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
(RHSA-2017:2837) Critical: dnsmasq security update
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)
* A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)
* A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14493)
* An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)

Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
(RHSA-2017:2840) Critical: dnsmasq security update
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.

amazon
Critical: dnsmasq
**Issue Overview:**

Information leak in the DHCPv6 relay code

An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. ([CVE-2017-14494](<https://access.redhat.com/security/cve/CVE-2017-14494>))

Memory exhaustion vulnerability in the EDNS0 code

A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. ([CVE-2017-14495](<https://access.redhat.com/security/cve/CVE-2017-14495>))

Integer underflow leading to buffer over-read in the EDNS0 code

An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. ([CVE-2017-14496](<https://access.redhat.com/security/cve/CVE-2017-14496>))

Heap overflow in the code responsible for building DNS replies

A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. ([CVE-2017-14491](<https://access.redhat.com/security/cve/CVE-2017-14491>))

Heap overflow in the IPv6 router advertisement code

A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. ([CVE-2017-14492](<https://access.redhat.com/security/cve/CVE-2017-14492>))

Stack buffer overflow in the DHCPv6 code

A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. ([CVE-2017-14493](<https://access.redhat.com/security/cve/CVE-2017-14493>))

**Affected Packages:** dnsmasq

**Issue Correction:** Run _yum update dnsmasq_ to update your system.

**New Packages:**

i686: dnsmasq-2.76-2.14.amzn1.i686 dnsmasq-debuginfo-2.76-2.14.amzn1.i686 dnsmasq-utils-2.76-2.14.amzn1.i686

src: dnsmasq-2.76-2.14.amzn1.src

x86_64: dnsmasq-utils-2.76-2.14.amzn1.x86_64 dnsmasq-debuginfo-2.76-2.14.amzn1.x86_64 dnsmasq-2.76-2.14.amzn1.x86_64
Medium: kernel
**Issue Overview:** A buffer overflow was discovered in tpacket_rcv() function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory outside of a kernel buffer. This can cause unspecified kernel data corruption effects, including damage of in-memory and on-disk XFS data. ([CVE-2017-14497 __](<https://access.redhat.com/security/cve/CVE-2017-14497>)) A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket’s diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. ([CVE-2017-7558 __](<https://access.redhat.com/security/cve/CVE-2017-7558>)) **Affected Packages:** kernel **Issue Correction:** Run _yum update kernel_ to update your system. 
**New Packages:** i686: kernel-debuginfo-common-i686-4.9.51-10.52.amzn1.i686 perf-4.9.51-10.52.amzn1.i686 kernel-debuginfo-4.9.51-10.52.amzn1.i686 kernel-tools-debuginfo-4.9.51-10.52.amzn1.i686 kernel-4.9.51-10.52.amzn1.i686 kernel-tools-4.9.51-10.52.amzn1.i686 kernel-headers-4.9.51-10.52.amzn1.i686 kernel-tools-devel-4.9.51-10.52.amzn1.i686 kernel-devel-4.9.51-10.52.amzn1.i686 perf-debuginfo-4.9.51-10.52.amzn1.i686 noarch: kernel-doc-4.9.51-10.52.amzn1.noarch src: kernel-4.9.51-10.52.amzn1.src x86_64: kernel-debuginfo-4.9.51-10.52.amzn1.x86_64 perf-4.9.51-10.52.amzn1.x86_64 kernel-headers-4.9.51-10.52.amzn1.x86_64 kernel-debuginfo-common-x86_64-4.9.51-10.52.amzn1.x86_64 perf-debuginfo-4.9.51-10.52.amzn1.x86_64 kernel-tools-devel-4.9.51-10.52.amzn1.x86_64 kernel-devel-4.9.51-10.52.amzn1.x86_64 kernel-tools-debuginfo-4.9.51-10.52.amzn1.x86_64 kernel-4.9.51-10.52.amzn1.x86_64 kernel-tools-4.9.51-10.52.amzn1.x86_64

centos
dnsmasq security update
**CentOS Errata and Security Advisory** CESA-2017:2836

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)
* A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)
* A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14493)
* An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)
* A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495)
* An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496)

Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.

**Merged security bulletin from advisories:** http://lists.centos.org/pipermail/centos-announce/2017-October/022555.html

**Affected packages:** dnsmasq dnsmasq-utils

**Upstream details at:**
dnsmasq security update
**CentOS Errata and Security Advisory** CESA-2017:2838 The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491) Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue. **Merged security bulletin from advisories:** http://lists.centos.org/pipermail/centos-announce/2017-October/022554.html **Affected packages:** dnsmasq dnsmasq-utils **Upstream details at:**

cert
Dnsmasq contains multiple vulnerabilities
### Overview

Dnsmasq versions 2.77 and earlier contain multiple vulnerabilities.

### Description

Multiple vulnerabilities have been reported in dnsmasq.

* [**CWE-122**](<https://cwe.mitre.org/data/definitions/122.html>)**: Heap-based Buffer Overflow** - CVE-2017-14491
* [**CWE-122**](<https://cwe.mitre.org/data/definitions/122.html>)**: Heap-based Buffer Overflow** - CVE-2017-14492
* [**CWE-121**](<https://cwe.mitre.org/data/definitions/121.html>)**: Stack-based Buffer Overflow** - CVE-2017-14493
* [**CWE-200**](<https://cwe.mitre.org/data/definitions/200.html>)**: Information Exposure** - CVE-2017-14494
* [**CWE-400**](<https://cwe.mitre.org/data/definitions/400.html>)**: Uncontrolled Resource Consumption ('Resource Exhaustion')** - CVE-2017-14495
* [**CWE-191**](<https://cwe.mitre.org/data/definitions/191.html>)**: Integer Underflow** - CVE-2017-14496

Please see the [Google Security blog post](<https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html>) for additional information.

### Impact

Dnsmasq is a widely used piece of open-source software. These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote code execution, information exposure, and denial of service. In some cases an attacker would need to induce one or more DNS requests.

### Solution

**Apply an Update**

dnsmasq version 2.78 has been released to address these vulnerabilities.

### Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| dnsmasq | | 25 Sep 2017 | 02 Oct 2017 |
| Technicolor | | - | 18 Oct 2017 |
| 3com Inc | | 25 Sep 2017 | 25 Sep 2017 |
| ACCESS | | 25 Sep 2017 | 25 Sep 2017 |
| Actiontec | | 25 Sep 2017 | 25 Sep 2017 |
| Aerohive | | 25 Sep 2017 | 25 Sep 2017 |
| Alcatel-Lucent | | 25 Sep 2017 | 25 Sep 2017 |
| Amazon | | 25 Sep 2017 | 25 Sep 2017 |
| Android Open Source Project | | 25 Sep 2017 | 25 Sep 2017 |
| Apple | | 25 Sep 2017 | 25 Sep 2017 |
| Arch Linux | | 25 Sep 2017 | 25 Sep 2017 |
| Arista Networks, Inc. | | 25 Sep 2017 | 25 Sep 2017 |
| Aruba Networks | | 25 Sep 2017 | 25 Sep 2017 |
| AsusTek Computer Inc. | | 25 Sep 2017 | 25 Sep 2017 |
| AT&T | | 25 Sep 2017 | 25 Sep 2017 |

If you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23973527 Vendor Status Inquiry>).

### CVSS Metrics

| Group | Score | Vector |
|---|---|---|
| Base | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 8.7 | E:H/RL:OF/RC:C |
| Environmental | 8.7 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |

### References

* <http://www.thekelleys.org.uk/dnsmasq/doc.html>
* <https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html>

### Credit

Thanks to Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team for reporting this vulnerability.

This document was written by Trent Novelly.

### Other Information

* CVE IDs: [CVE-2017-14491](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14491>) [CVE-2017-14492](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14492>) [CVE-2017-14493](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14493>) [CVE-2017-14494](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14494>) [CVE-2017-14495](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14495>) [CVE-2017-14496](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14496>)
* Date Public: 02 Oct 2017
* Date First Published: 02 Oct 2017
* Date Last Updated: 18 Oct 2017
* Document Revision: 21

debian
dnsmasq — security update
Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbitrary code. For the oldstable distribution (jessie), these problems have been fixed in version 2.72-3+deb8u2. For the stable distribution (stretch), these problems have been fixed in version 2.76-5+deb9u1. We recommend that you upgrade your dnsmasq packages.
linux — security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks.

* [CVE-2017-7518](<https://security-tracker.debian.org/tracker/CVE-2017-7518>) Andy Lutomirski discovered that KVM is prone to an incorrect debug exception (#DB) error occurring while emulating a syscall instruction. A process inside a guest can take advantage of this flaw for privilege escalation inside a guest.
* [CVE-2017-7558](<https://security-tracker.debian.org/tracker/CVE-2017-7558>) (stretch only) Stefano Brivio of Red Hat discovered that the SCTP subsystem is prone to a data leak vulnerability due to an out-of-bounds read flaw, allowing up to 100 uninitialized bytes to be leaked to userspace.
* [CVE-2017-10661](<https://security-tracker.debian.org/tracker/CVE-2017-10661>) (jessie only) Dmitry Vyukov of Google reported that the timerfd facility does not properly handle certain concurrent operations on a single file descriptor. This allows a local attacker to cause a denial of service or potentially execute arbitrary code.
* [CVE-2017-11600](<https://security-tracker.debian.org/tracker/CVE-2017-11600>) Bo Zhang reported that the xfrm subsystem does not properly validate one of the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability can use this to cause a denial of service or potentially to execute arbitrary code.
* [CVE-2017-12134](<https://security-tracker.debian.org/tracker/CVE-2017-12134>) / #866511 / XSA-229 Jan H. Schoenherr of Amazon discovered that when Linux is running in a Xen PV domain on an x86 system, it may incorrectly merge block I/O requests. A buggy or malicious guest may trigger this bug in dom0 or a PV driver domain, causing a denial of service or potentially execution of arbitrary code. This issue can be mitigated by disabling merges on the underlying back-end block devices, e.g.: `echo 2 > /sys/block/nvme0n1/queue/nomerges`
* [CVE-2017-12146](<https://security-tracker.debian.org/tracker/CVE-2017-12146>) (stretch only) Adrian Salido of Google reported a race condition in access to the driver_override attribute for platform devices in sysfs. If unprivileged users are permitted to access this attribute, this might allow them to gain privileges.
* [CVE-2017-12153](<https://security-tracker.debian.org/tracker/CVE-2017-12153>) Bo Zhang reported that the cfg80211 (wifi) subsystem does not properly validate the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability (in any user namespace with a wifi device) can use this to cause a denial of service.
* [CVE-2017-12154](<https://security-tracker.debian.org/tracker/CVE-2017-12154>) Jim Mattson of Google reported that the KVM implementation for Intel x86 processors did not correctly handle certain nested hypervisor configurations. A malicious guest (or nested guest in a suitable L1 hypervisor) could use this for denial of service.
* [CVE-2017-14106](<https://security-tracker.debian.org/tracker/CVE-2017-14106>) Andrey Konovalov discovered that a user-triggerable division by zero in the tcp_disconnect() function could result in local denial of service.
* [CVE-2017-14140](<https://security-tracker.debian.org/tracker/CVE-2017-14140>) Otto Ebeling reported that the move_pages() system call performed insufficient validation of the UIDs of the calling and target processes, resulting in a partial ASLR bypass. This made it easier for local users to exploit vulnerabilities in programs installed with the set-UID permission bit set.
* [CVE-2017-14156](<https://security-tracker.debian.org/tracker/CVE-2017-14156>) sohu0106 reported an information leak in the atyfb video driver. A local user with access to a framebuffer device handled by this driver could use this to obtain sensitive information.
* [CVE-2017-14340](<https://security-tracker.debian.org/tracker/CVE-2017-14340>) Richard Wareing discovered that the XFS implementation allows the creation of files with the realtime flag on a filesystem with no realtime device, which can result in a crash (oops). A local user with access to an XFS filesystem that does not have a realtime device can use this for denial of service.
* [CVE-2017-14489](<https://security-tracker.debian.org/tracker/CVE-2017-14489>) ChunYu Wang of Red Hat discovered that the iSCSI subsystem does not properly validate the length of a netlink message, leading to memory corruption. A local user with permission to manage iSCSI devices can use this for denial of service or possibly to execute arbitrary code.
* [CVE-2017-14497](<https://security-tracker.debian.org/tracker/CVE-2017-14497>) (stretch only) Benjamin Poirier of SUSE reported that vnet headers are not properly handled within the tpacket_rcv() function in the raw packet (af_packet) feature. A local user with the CAP_NET_RAW capability can take advantage of this flaw to cause a denial of service (buffer overflow, and disk and memory corruption) or have other impact.
* [CVE-2017-1000111](<https://security-tracker.debian.org/tracker/CVE-2017-1000111>) Andrey Konovalov of Google reported a race condition in the raw packet (af_packet) feature. Local users with the CAP_NET_RAW capability can use this for denial of service or possibly to execute arbitrary code.
* [CVE-2017-1000112](<https://security-tracker.debian.org/tracker/CVE-2017-1000112>) Andrey Konovalov of Google reported a race condition flaw in the UDP Fragmentation Offload (UFO) code. A local user can use this flaw for denial of service or possibly to execute arbitrary code.
* [CVE-2017-1000251](<https://security-tracker.debian.org/tracker/CVE-2017-1000251>) / #875881 Armis Labs discovered that the Bluetooth subsystem does not properly validate L2CAP configuration responses, leading to a stack buffer overflow. This is one of several vulnerabilities dubbed Blueborne. A nearby attacker can use this to cause a denial of service or possibly to execute arbitrary code on a system with Bluetooth enabled.
* [CVE-2017-1000252](<https://security-tracker.debian.org/tracker/CVE-2017-1000252>) (stretch only) Jan H. Schoenherr of Amazon reported that the KVM implementation for Intel x86 processors did not correctly validate interrupt injection requests. A local user with permission to use KVM could use this for denial of service.
* [CVE-2017-1000370](<https://security-tracker.debian.org/tracker/CVE-2017-1000370>) The Qualys Research Labs reported that a large argument or environment list can result in ASLR bypass for 32-bit PIE binaries.
* [CVE-2017-1000371](<https://security-tracker.debian.org/tracker/CVE-2017-1000371>) The Qualys Research Labs reported that a large argument or environment list can result in a stack/heap clash for 32-bit PIE binaries.
* [CVE-2017-1000380](<https://security-tracker.debian.org/tracker/CVE-2017-1000380>) Alexander Potapenko of Google reported a race condition in the ALSA (sound) timer driver, leading to an information leak. A local user with permission to access sound devices could use this to obtain sensitive information.

Debian disables unprivileged user namespaces by default, but if they are enabled (via the kernel.unprivileged_userns_clone sysctl) then [CVE-2017-11600](<https://security-tracker.debian.org/tracker/CVE-2017-11600>), [CVE-2017-14497](<https://security-tracker.debian.org/tracker/CVE-2017-14497>) and [CVE-2017-1000111](<https://security-tracker.debian.org/tracker/CVE-2017-1000111>) can be exploited by any local user.

For the oldstable distribution (jessie), these problems have been fixed in version 3.16.43-2+deb8u5. For the stable distribution (stretch), these problems have been fixed in version 4.9.30-2+deb9u5. We recommend that you upgrade your linux packages.

suse
Security update for dnsmasq (important)
This update for dnsmasq fixes the following security issues:

* CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
* CVE-2017-14492: heap based overflow. [bsc#1060355]
* CVE-2017-14493: stack based overflow. [bsc#1060360]
* CVE-2017-14494: DHCP - info leak. [bsc#1060361]
* CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
* CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]

This update was imported from the SUSE:SLE-12-SP1:Update update project.
Security update for dnsmasq (important)
This update for dnsmasq fixes the following issues.

Remedy the following security issues:

* CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
* CVE-2017-14492: heap based overflow. [bsc#1060355]
* CVE-2017-14493: stack based overflow. [bsc#1060360]
* CVE-2017-14494: DHCP - info leak. [bsc#1060361]
* CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
* CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]
* Prevent a man-in-the-middle attack (bsc#972164, fate#321175).

Furthermore, the following issues have been fixed:

* Fix DHCP relaying, broken in 2.76 and 2.77.
* Update to version 2.78 (fate#321175, fate#322030, bsc#1035227).
* Fix PXE booting for UEFI architectures (fate#322030).
* Drop PrivateDevices=yes which breaks logging (bsc#902511, bsc#904537)
* Build with support for DNSSEC (fate#318323, bsc#908137).

Please note that this update brings a (small) potential incompatibility in the handling of "basename" in --pxe-service. Please read the CHANGELOG and the documentation if you are using this option.
Security update for dnsmasq (important)
This update for dnsmasq fixes the following security issues:

* CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354]
* CVE-2017-14492: heap based overflow. [bsc#1060355]
* CVE-2017-14493: stack based overflow. [bsc#1060360]
* CVE-2017-14494: DHCP - info leak. [bsc#1060361]
* CVE-2017-14495: DNS - OOM DoS. [bsc#1060362]
* CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364]

This update brings a (small) potential incompatibility in the handling of "basename" in --pxe-service. Please read the CHANGELOG and the documentation if you are using this option.

freebsd
dnsmasq — multiple vulnerabilities
Google Project Zero reports:

* CVE-2017-14491: Heap based overflow (2 bytes). Before 2.76 and this commit overflow was unrestricted.
* CVE-2017-14492: Heap based overflow.
* CVE-2017-14493: Stack based overflow.
* CVE-2017-14494: Information leak.
* CVE-2017-14495: Lack of free().
* CVE-2017-14496: Invalid boundary checks. Integer underflow leading to a huge memcpy.
* CVE-2017-13704: Crash on large DNS query.

myhack58
dnsmasq: multiple high-severity vulnerabilities disclosed (vulnerability warning)

dnsmasq is a lightweight DNS and DHCP server. Because it is simple and easy to use, it is widely deployed in small and medium-sized enterprise environments and on cloud platforms, and components such as libvirt use it indirectly as a supporting service. On 2 October 2017, several dnsmasq vulnerabilities discovered by the Google security team were disclosed. Three of them, CVE-2017-14491, CVE-2017-14492 and CVE-2017-14493, were rated severe by the relevant vendors; the remaining ones, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496 and CVE-2017-13704, were rated important. 360CERT recommends that users who deploy dnsmasq widely assess their exposure and remediate as soon as possible.

0x01 Vulnerability impact

Impact

Affected dnsmasq services are exposed to remote arbitrary code execution or remote denial-of-service attacks, which can result in the host being compromised or the service becoming unavailable. The harm is significant.

Affected versions

[Image: affected versions table, not preserved]

Some of these vulnerabilities can be exploited only in non-default configurations that have to be set up separately, as detailed below:

[Image: required configuration table, not preserved]

Fixed version

Version 2.78

0x02 Technical details of selected vulnerabilities

CVE-2017-14491: severe

CVE-2017-14491 is the most serious vulnerability in this batch and affects most dnsmasq versions. The attacker needs to control a malicious domain (e.g., evil.com) and send DNS requests to dnsmasq so that dnsmasq caches the replies for that domain. Then, through carefully crafted DNS requests and responses, dnsmasq can be made to write out of bounds on the heap. This vulnerability can lead to arbitrary code execution.

Out-of-bounds memory information:

[Image: not preserved]

CVE-2017-14492 and CVE-2017-14493: severe

Both vulnerabilities are in the IPv6/DHCPv6 functionality: one is a heap overflow and the other is a stack overflow. Both can lead to code execution; for CVE-2017-14493, the code execution risk can be mitigated by the GCC Stack Protector. In practice, both vulnerabilities can be triggered only when dnsmasq has DHCP enabled and is bound to an IPv6 interface. In addition, the attacker must be on the local network and needs root access on a host there in order to craft the specific DHCPv6 or IPv6 Router Advertisement messages used in the attack. Note that dnsmasq only began to support DHCPv6 and IPv6 Router Advertisement in version 2.60, so earlier versions are not affected.

CVE-2017-14494: important

This vulnerability is in the DHCPv6 functionality. It can cause an out-of-bounds memory read in dnsmasq, and the data read is leaked to the attacker in DHCPv6 reply packets. As with the previous vulnerabilities, it affects versions 2.60 to 2.77 and is fixed in version 2.78.

0x03 Security recommendations

1. The relevant Linux distributions have already provided security updates; apply them with yum or apt-get as appropriate.
2. Download the latest version from the official website and build and install it. Link: http://www.thekelleys.org.uk/dnsmasq/doc.html

0x04 Timeline

* 2017-10-02 Vulnerabilities disclosed
* 2017-10-09 360CERT published the warning notice

slackware
dnsmasq
New dnsmasq packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/dnsmasq-2.78-i586-1_slack14.2.txz: Upgraded. This update fixes bugs and remotely exploitable security issues that may have impacts including denial of service, information leak, and execution of arbitrary code. Thanks to Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes, and Gynvael Coldwind of the Google Security Team. For more information, see:

* https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13704
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14491
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14492
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14493
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14494
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14495
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14496

(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! 🙂 Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/dnsmasq-2.78-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/dnsmasq-2.78-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/dnsmasq-2.78-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/dnsmasq-2.78-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/dnsmasq-2.78-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/dnsmasq-2.78-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/dnsmasq-2.78-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/dnsmasq-2.78-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/dnsmasq-2.78-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/dnsmasq-2.78-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/dnsmasq-2.78-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/dnsmasq-2.78-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dnsmasq-2.78-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dnsmasq-2.78-x86_64-1.txz

Installation instructions:

Upgrade the package as root:

`upgradepkg dnsmasq-2.78-i586-1_slack14.2.txz`

If dnsmasq is running, restart it:

`sh /etc/rc.d/rc.dnsmasq restart`

huawei
Security Advisory – Seven vulnerabilities in Google Dnsmasq
Dnsmasq is a widely used piece of open-source software designed to provide DNS, DHCP, Dnsmasq 2.77 and earlier versions contain 7 security vulnerabilities.

There is a heap buffer overflow vulnerability in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (Vulnerability ID: HWPSIRT-2017-10139) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14491.

There is a heap buffer overflow vulnerability in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (Vulnerability ID: HWPSIRT-2017-10140) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14492.

There is a stack buffer overflow vulnerability in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (Vulnerability ID: HWPSIRT-2017-10141) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14493.

There is an information leak vulnerability in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (Vulnerability ID: HWPSIRT-2017-10142) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14494.

There is a memory exhaustion vulnerability in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (Vulnerability ID: HWPSIRT-2017-10143) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14495.

There is an integer underflow vulnerability in the EDNS0 code leading to a buffer over-read. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (Vulnerability ID: HWPSIRT-2017-10144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14496.

There is an integer overflow vulnerability in dnsmasq. An attacker could send a crafted DNS packet whose size does not match the expected size, causing dnsmasq to crash. (Vulnerability ID: HWPSIRT-2017-10145) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-13704.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en
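The option-level preconditions in the Huawei advisory above, combined with the 2.60 and 2.78 version bounds given elsewhere on this page, can be checked against a host's dnsmasq configuration. The following Python is an added example, not code from any of the quoted advisories; the function names, the sample banner and the sample configuration are constructed for illustration, and the `ra-only` exclusion is a heuristic based on dnsmasq's documented `dhcp-range` modes.

```python
import ipaddress
import re

FIXED = (2, 78)       # page: the issues are fixed in dnsmasq 2.78
IPV6_SINCE = (2, 60)  # page: DHCPv6 and RA support first appear in 2.60
RA_KEYWORDS = {"enable-ra", "ra-only", "slaac", "ra-names",
               "ra-advrouter", "ra-stateless"}
EDNS0_OPTIONS = {"add-mac", "add-cpe-id", "add-subnet"}


def parse_version(banner):
    """Return (major, minor) from `dnsmasq --version` style output."""
    match = re.search(r"version\s+(\d+)\.(\d+)", banner, re.IGNORECASE)
    if match is None:
        raise ValueError("no dnsmasq version in banner")
    return int(match.group(1)), int(match.group(2))


def parse_conf(text):
    """Yield (option, [comma-separated values]) for each active config line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        yield key.strip().lstrip("-"), [v.strip() for v in value.split(",")]


def is_ipv6(token):
    try:
        return ipaddress.ip_address(token).version == 6
    except ValueError:
        return False


def audit(banner, conf_text):
    """Map each CVE whose stated precondition is met to the option that meets it."""
    version = parse_version(banner)
    if version >= FIXED:
        return {}
    ra = dhcpv6 = edns0 = None
    for key, values in parse_conf(conf_text):
        if key in RA_KEYWORDS:
            ra = key
        elif key in EDNS0_OPTIONS:
            edns0 = key
        elif key == "dhcp-range":
            # dnsmasq also accepts the RA keywords as dhcp-range modes.
            modes = RA_KEYWORDS.intersection(values)
            if modes:
                ra = "dhcp-range mode " + sorted(modes)[0]
            # Heuristic: an IPv6 range serves DHCPv6 unless its mode is ra-only.
            if any(is_ipv6(v) for v in values) and "ra-only" not in values:
                dhcpv6 = "IPv6 dhcp-range"
    findings = {  # the page gives no option precondition for these two
        "CVE-2017-14491": "no option precondition given",
        "CVE-2017-13704": "no option precondition given",
    }
    if version >= IPV6_SINCE:
        if ra:
            findings["CVE-2017-14492"] = ra
        if dhcpv6:
            findings["CVE-2017-14493"] = dhcpv6
            findings["CVE-2017-14494"] = dhcpv6
    if edns0:
        findings["CVE-2017-14495"] = edns0
        findings["CVE-2017-14496"] = edns0
    return findings


# Constructed sample input (not taken from any real host).
SAMPLE_BANNER = "Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley"
SAMPLE_CONF = """\
# constructed dnsmasq.conf
interface=eth0
dhcp-range=192.168.1.50,192.168.1.150,12h
dhcp-range=fd00::100,fd00::1ff,slaac,64,12h
add-subnet=24
"""

if __name__ == "__main__":
    for cve, reason in sorted(audit(SAMPLE_BANNER, SAMPLE_CONF).items()):
        print(cve, "-", reason)
```

The banner carries only the upstream version, so a distribution package with backported fixes (this page lists Debian's 2.76-5+deb9u1) still reports 2.76; confirm the package revision with the package manager before treating a finding as open.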

f5
Multiple dnsmasq vulnerabilities
F5 Product Development has evaluated the currently supported releases for potential vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:

| Product | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature |
|---|---|---|---|---|
| BIG-IP LTM | None | 13.0.0, 12.0.0 - 12.1.2, 11.4.1 - 11.6.1, 11.2.1 | Not Vulnerable | None |
| BIG-IP AAM | None | 13.0.0, 12.0.0 - 12.1.2, 11.4.1 - 11.6.1 | Not Vulnerable | None |
| BIG-IP AFM | None | 13.0.0, 12.0.0 - 12.1.2, 11.4.1 - 11.6.1 | Not Vulnerable | None |
| BIG-IP Analytics | None | 13.0.0, 12.0.0 - 12.1.2, 11.4.1 - 11.6.1, 11.2.1 | Not Vulnerable | None |
| BIG-IP APM | None | 13.0.0, 12.0.0 - 12.1.2, 11.4.1 - 11.6.1, 11.2.1 | Not Vulnerable | None |
| BIG-IP ASM | None | 13.0.0, 12.0.0 - 12.1.2, 11.4.1 - 11.6.1, 11.2.1 | Not Vulnerable | None |
| BIG-IP DNS | None | 13.0.0, 12.0.0 - 12.1.2 | Not Vulnerable | None |
| BIG-IP Edge Gateway | None | 11.2.1 | Not Vulnerable | None |
| BIG-IP GTM | None | 11.4.1 - 11.6.1, 11.2.1 | Not Vulnerable | None |
| BIG-IP Link Controller | None | 13.0.0, 12.0.0 - 12.1.2, 11.4.1 - 11.6.1, 11.2.1 | Not Vulnerable | None |
| BIG-IP PEM | None | 13.0.0, 12.0.0 - 12.1.2, 11.4.1 - 11.6.1 | Not Vulnerable | None |
| BIG-IP PSM | None | 11.4.1 | Not Vulnerable | None |
| BIG-IP WebAccelerator | None | 11.2.1 | Not Vulnerable | None |
| BIG-IP WebSafe | None | 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 | Not Vulnerable | None |
| ARX | None | 6.2.0 - 6.4.0 | Not Vulnerable | None |
| Enterprise Manager | None | 3.1.1 | Not Vulnerable | None |
| BIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not Vulnerable | None |
| BIG-IQ Device | None | 4.4.0 - 4.5.0 | Not Vulnerable | None |
| BIG-IQ Security | None | 4.4.0 - 4.5.0 | Not Vulnerable | None |
| BIG-IQ ADC | None | 4.5.0 | Not Vulnerable | None |
| BIG-IQ Centralized Management | None | 5.0.0 - 5.3.0, 4.6.0 | Not Vulnerable | None |
| BIG-IQ Cloud and Orchestration | None | 1.0.0 | Not Vulnerable | None |
| F5 iWorkflow | None | 2.0.0 - 2.3.0 | Not Vulnerable | None |
| LineRate | None | 2.5.0 - 2.6.2 | Not Vulnerable | None |
| Traffix SDC | None | 5.0.0 - 5.1.0, 4.0.0 - 4.4.0 | Not Vulnerable | None |

* [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)
* [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)
* [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)
* [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)
